Added max length checking of hostname
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2d7beb3..780aa62 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -139,6 +139,9 @@
 #define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
 
+#define MBEDTLS_SSL_MAX_HOST_NAME               255 /*!< Maximum host name
+defined in RFC 1035 */
+
 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
  * NONE must be zero so that memset()ing structure to zero works */
 #define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
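Review bot: The comment on `MBEDTLS_SSL_MAX_HOST_NAME` does not say what is being limited or whether the terminating NUL is counted, and its continuation line starts at column 0 instead of being aligned with the comment. Something like `/*!< Maximum host name length in bytes, excluding the terminating NUL (RFC 1035) */` would make the contract clear to callers sizing their own buffers. RFC 1035's 255-octet limit applies to the encoded name, so the textual form compared in ssl_tls.c is slightly shorter than that. It is worth noting in the comment that 255 is a conservative upper bound and not an exact DNS validity check. A name ending in `_LEN` would also read more clearly next to the other length constants.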
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d9b05fd..23165a4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5833,6 +5833,9 @@
     if( hostname_len + 1 == 0 )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
+    if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
     ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
 
     if( ssl->hostname == NULL )
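Review bot: The new bound returns `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` before `ssl->hostname` is assigned, so a caller that ignores the return value continues with whatever hostname was or was not set before. The function's documentation in ssl.h should state that names longer than `MBEDTLS_SSL_MAX_HOST_NAME` are rejected and that the result must be checked. The `hostname_len + 1 == 0` test just above is now subsumed by the 255-byte cap. The two could become one check with a comment such as `/* Reject over-long names before allocating; this also rules out hostname_len + 1 wrapping */`. The function starts and ends outside this hunk, so how `hostname_len` is computed and what happens to a previously set hostname cannot be confirmed from here.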